A large malspam campaign using spoofed email addresses has attempted to infect recipients with Locky ransomware in roughly 20 million detected attacks since Tuesday, researchers from Barracuda Networks have reported.
According to Fleming Shi, Barracuda’s senior vice president of advanced technology engineering, it appears that the bot behind the campaign is able to generate fake email addresses that make it look as if the offending email is arriving internally from the recipients’ own organization. “This makes it a little more likely people will click on it,” said Shi, speaking with SC Media.
Another clue: the malspam emails’ subject line includes a date, followed by a random number, which is also characteristic of the recent Locky attacks. Indeed, after further analysis, Barracuda is now officially confirming that the malware is in the Locky family.
Shi told SC Media that the volume of attacks diminished on Thursday after peaking on Wednesday, but the campaign still continues as of the writing of this article.
“We advise against making payment to ransomware criminals because this doesn’t guarantee the decryption of your files and it encourages them to target you again in the future,” Barracuda advises in its blog post.